If you learn anything from ransomware attacks you hear in the news, it’s that ransomware is increasingly targeting small businesses and consumers. If ransomware is something you put off thinking about because you think you’re too small for criminals to bother with, then you’re exactly who the criminals are coming after.
Ransomware is driven by a much more sophisticated group of organized criminals. They use software to initiate thousands of attacks. The asking price is typically low so they know they can extort thousands of unsuspecting small businesses daily and make a tidy profit if they target those companies least likely to have their data backed up and their networks adequately guarded.
Make no mistake, your business is at risk for ransomware. It’s only a matter of time.
Recent attacks like WannaCry show us that there is no fool-proof measure to stop the attack from happening. To protect your company, your best bet is to deal with your primary risk factor for ransomware.
Ransomware FAQ: 6 Common Questions
1. Who is at risk of ransomware attacks?
Everyone. Ransomware is becoming more prevalent. SonicWall’s 2021 Cyberthreat Report measured a 62% year-over-year increase in ransomware attempts.
Yes, we mean everyone
In early 2021, a phishing scam ensnared a small law firm. A few months later, one of our clients – a small, 100% remote company – was attacked.
We stepped in to help the law firm (they became a client after the attack). When we noticed our client clicked a malicious link, we cut their computer off from the network and stopped the attack from spreading.
2. What’s difference between ransomware and malware?
Any program or code designed to damage a computer, device, network or system is malware. Ransomware is a type of malware. All ransomware is malware but not all malware is ransomware.
10 types of malware
– Spam and Phishing
– Bots and Botnet
– Fileless malware
Types of ransomware
There are 2 main types of ransomware. When a hacker encrypts your files, meaning they are inaccessible to you and your team, that’s crypto-ransomware.
During a lockerware ransomware attack, the criminals lock you out of your own devices.
3. What happens during a ransomware attack?
How an attack unfolds depends on the type of ransomware. You’ll either find that you can’t use the device (lockerware) or you can’t access your files (crypto-ransomware).
Once the hacker has control, they’ll make their demand. The FBI and cyber experts agree, you should not pay the ransom. There is no guarantee you’ll get your data back. Instead, you lose money and encourage further attacks. It’s better to have a strong prevention plan and robust backup system.
4. How do I prevent ransomware attacks?
You’ll deploy a mix of tools to prevent ransomware. Start with traditional solutions, like a firewall and antivirus. Then layer on advanced threat monitoring, identity-based security and device management.
The combination of tools and services that make sense for your organization will be unique to your circumstances. Here’s a small sample of what you need to consider as you design a solution:
- Compliance requirements
- The type of data you manage
- Whether you’re in the cloud
- Where employees work
Employees play a role in ransomware prevention
Employees (even owners!) are the typical point of entry for ransomware. Attacks generally come through email attachments and links that employees click on, infecting anything that the employee has access to, from their local hard drive to shared servers.
Here’s how it works. An employee receives a phishing email that includes a file or link. The link directs a download of malware without the user knowing, or it contains an executable program file that is designed to look like a harmless standard file, like a Word document. In reality, it embeds ransomware software to their device. The malware accesses files on the computer – or other devices the computer is connected to – and encrypts them.
The result is stress, data loss, financial burdens and more stress. Companies are paranoid after the fact, understandably so. It’s an incredible feeling of being violated that can bruise the ego and the company’s coffers. After the fact, small businesses that risk ransomware infections wish they’d done things differently.
The rapid evolution of WannaCry and similar attacks that exploit the same network weaknesses clearly demonstrates that criminals are staying ahead of security measures. It’s a constant game of cat-and-mouse that small businesses struggle to stay on the winning side of. With your employees as your top risk factor, there’s a more effective and affordable way to significantly reduce the danger.
One click on a malicious link can decimate your security investments. Your firewall won’t help; the hacker has been invited into your network. Cyber awareness training familiarizes your team to threats without putting your organization in jeopardy. You can have your employees watch training videos and periodically test them with fake phishing emails to see if they fall for the trap.
We use a service where we send harmless emails that look as a ransomware email might. If the employee clicks, they realize they would have been infected and then they receive a training module. This kind of training has been shown to reduce a company’s vulnerability down to 1.2%.
The goal isn’t to play “gotcha”
You’re seeing where gaps in knowledge about ransomware exist so you can determine what additional education is needed to mitigate the risk.
We’re living in an age of information overload, and criminals know exactly how to exploit that. Your employees are constantly bombarded by emails. It only takes one click to wind up with ransomware on your network. Provide your staff real world training so that when it hits, they know exactly what to do.
5. What can I do if my files are encrypted?
After your files are encrypted, your course of action will depend on what you did before the hacker took control. If you have a solid backup solution in place, you will be able to restore from backup. Without a copy of your data, you face a costly, time-consuming, uphill battle. There is no guarantee you’ll retrieve your missing files. Do yourself a favor. Back-up your data.
6. How do you get rid of ransomware?
Ransomware removal isn’t easy. There is no single game plan you can follow to decimate the threat. Always have an expert manage the process. Most likely, they will take all or some of the following actions:
- Isolate the machine with ransomware from the rest of your network
- Identify the type of ransomware
- Run specialized programs and apply expertise to remove the virus
- Recover your files or restore from data backup
Have a question we didn’t answer?
Contact Us – our experts are happy to help.